FrSIRT - Mandriva Security Update Fixes tar "safer_name

French Security Incident Response Team

Français

English

Mandriva Security Update Fixes tar "safer_name_suffix()" Buffer Overflow

Date de Publication : 2007-10-16 © FrSIRT.COM
Titre : Mandriva Security Update Fixes tar "safer_name_suffix()" Buffer Overflow
Identifiant : FrSIRT/AVIS-2007-3511
CVE ID : CVE-2007-4476
Risque : Modéré (2/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Une vulnérabilité a été identifiée dans Mandriva, elle pourrait être exploité par des attaquants afin de causer un déni de service ou compromettre un système vulnérable [...]

Solution

Installer les mises à jour :

Mandriva Linux 2007.0:
ad9831bdc61bfd45b4236baf91ba303b 2007.0/i586/tar-1.15.91-1.3mdv2007.0.i586.rpm
799e95edad373e229f27ac662a2803c7 2007.0/SRPMS/tar-1.15.91-1.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
a7ca270e229a7a66e3945aa27ebe5574 2007.0/x86_64/tar-1.15.91-1.3mdv2007.0.x86_64.rpm
799e95edad373e229f27ac662a2803c7 2007.0/SRPMS/tar-1.15.91-1.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
ad38128760a1d444cb7f92b88d0fa7e3 2007.1/i586/tar-1.16-3.2mdv2007.1.i586.rpm
d8be92eefacc8b999f3021942c1e9776 2007.1/SRPMS/tar-1.16-3.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
90dff66308016f17f03558d4ba550387 2007.1/x86_64/tar-1.16-3.2mdv2007.1.x86_64.rpm
d8be92eefacc8b999f3021942c1e9776 2007.1/SRPMS/tar-1.16-3.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
e81d250db24d4f5dd935986dece9f7f0 2008.0/i586/tar-1.18-1.1mdv2008.0.i586.rpm
4dd90e75bf8d363ed44e1bd7346d42cf 2008.0/SRPMS/tar-1.18-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
16e3f71fc1b9b2fef42378e025d93ea8 2008.0/x86_64/tar-1.18-1.1mdv2008.0.x86_64.rpm
4dd90e75bf8d363ed44e1bd7346d42cf 2008.0/SRPMS/tar-1.18-1.1mdv2008.0.src.rpm

Corporate 4.0:
ae6c4f628deac215fc00421176245fca corporate/4.0/i586/tar-1.15.1-5.4.20060mlcs4.i586.rpm
00e37ea23dc4f0218ccfed4edbe47bf2 corporate/4.0/SRPMS/tar-1.15.1-5.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
ea73607c5f7b4d32cb7c158ffb9fb366 corporate/4.0/x86_64/tar-1.15.1-5.4.20060mlcs4.x86_64.rpm
00e37ea23dc4f0218ccfed4edbe47bf2 corporate/4.0/SRPMS/tar-1.15.1-5.4.20060mlcs4.src.rpm

Historique

2007-10-16 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Oracle Products Multiple Code Execution Vulnerabilities
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability
	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow Vulnerabilities

	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service